-
-
Notifications
You must be signed in to change notification settings - Fork 82
Filtering parameters
Sebastian Rettig edited this page Dec 1, 2019
·
1 revision
- validateMetadata:
- set group.license to U if unset
- call validateGroup with metadata as group value
- validateText
- if value != string --> make empty string
- if semantics only allows certain HTML tags: (semantics->tags === defined; means that its HTML)
- add div, span, p, br (= always allowed)
- add alternative names for tags / other related tags
- table -> tr, td, th, colgroup, thead, tbody, tfoot
- b -> strong
- i -> em
- ul -> ol, li
- del, strike --> s
- create regex patterns for allowed styles (if set)
- semantics.font.size
- semantics.font.family
- semantics.font.color
- semantics.font.background
- semantics.font.spacing
- semantics.font.height
- always allow: text-align
- call filter with allowed tags and allowed style patterns
-
-
- Removes characters and constructs that can trick browsers.
-
-
-
- Makes sure all HTML entities are well-formed.
-
-
-
- Makes sure all HTML tags and attributes are well-formed.
-
-
-
- Makes sure no HTML tags contain URLs with a disallowed protocol (e.g.
-
-
- javascript:).
- (in PHP: Based on kses by Ulf Harnhammar, see http://sourceforge.net/projects/kses.)
-
- if not tags allowed
- convert special characters to HTML entities
- cut string to semantics.maxLength
- check if string matches regexp in semantics.regexp
- escapes / characters
- error: Provided string is not valid according to regexp in semantics. (value: "%value", regexp: "%regexp") / semantics-invalid-according-regexp
- validateContentFiles
- check if all content files in the content directory have an allowed file extension
- error: File "%filename" not allowed. Only files with the following extensions are allowed: %files-allowed. / not-in-whitelist
- BREAK
- error: File "%filename" not allowed. Only files with the following extensions are allowed: %files-allowed. / not-in-whitelist
- check if all content files in the content directory have an allowed file extension
- validateNumber
- check if realy is number --> no? --> default = 0
- move within bounds (semantics.min / semantics.max)
- move to next step (semantics.step)
- round number to proper number of decimals
- validateBoolean
- check if is boolean
- validateSelect
- semantics->options != empty --> "strict" set of options
- go through all options
- if option.type === 'optgroup'
- go through suboptions
- set options[suboption.value] to true ??? // TODO: ???
- go through suboptions
- ?????
- if option.type === 'optgroup'
- go through all options
- XXXXXXXXXXXXXX HIER WEITER
- semantics->options != empty --> "strict" set of options
- validateList
- remove list entries beyond max (semantics.max)
- recurse into each entry
- _validateFilelike
- remove relative paths
- remove temporary file suffix (#tmp)
- escape special characters to html in path and mime type (file.path, file.mime)
- remove all attributes expect path, mime and copyright and those set in semantics->extraAttributes and those for the file type
- image: width, height, originalImage
- video: width, height, codecs, quality, bitrate
- make width, height, bitrate to int
- escape file.codecs to html
- process file.quality
- remove file.quality if its not an object or if it hasn't got level and label attributes
- remove all attributes of file.quality expect level and label
- make level to int
- escape label to html
- validate file.copyright against getCopyrightSemantics()
- validateVideo/Audio
- iterate over each list entry and call _validateFilelike
- validateFile/Image
- just call _validateFilelike
- validateGroup XXXXXXXXXXXXXXXXX HIER WEITER